Redefining the Perimeter

The word “perimeter” gives many people flashbacks to Geometry class, rulers, and measuring lengths. For those with a more military background, a perimeter is a boundary between secure and insecure. But to the general public, it might simply be a fence. Due to this perception, the cybersecurity industry believes the term perimeter should no longer be used, because it often leads people to a sense of false confidence that a single “fence” is enough.

The simple fact is that our needs in cybersecurity have evolved dramatically due to our increased usage of technology. Massive advances in techniques by attackers have poured even more fuel on the fire. This doesn’t mean we should abandon the concept of the perimeter. Instead, let’s make a leap from this basic concept and advance it forward. This is why we want to “Redefine the Perimeter”.

From a pure cybersecurity perspective, perimeter defense is all about repelling attacks coming from any direction. The important phrase here is “attacks coming from any direction”. The security industry is very familiar with the concept of defense in depth. This concept assumes that an attacker can get past outside protection layers. It pushes us to focus on security at every layer, since an attacker requires a series of steps to complete the goals of an attack. Every one of these steps presents an opportunity for us to deter an attacker and ultimately disrupt a security breach as early as possible.

To truly integrate security at every touchpoint, we need to stop fixating on our narrow-minded concept of the security perimeter and truly zoom our lens back to get a wider angle. We should account for every indirect and direct way that an attacker can touch their target. This begins with early stage reconnaissance that an attacker performs to gather information on their target, all the way through each touchpoint that allows an attacker to get a foothold, lay low, move around freely in an environment, and continually perform their destructive goals. This more expansive perspective that breaks down the complete process of an attack will allow defenders to fully grasp the multiple steps required to execute a successful attack. Ultimately, it will allow us to adapt to attacker behavior at a greater level of detail and craft a much more secure architecture.

So how do we get started?

Knowing that we are dealing with a highly complex technology environment, a top to bottom approach works best. At the very top, breaking down the environment based on the intended security positioning is key. Security Zones, as we call them, help us in this effort by categorizing items into three discrete buckets.

The Three Security Zones

Public - Intended to be accessible and visible to the general public

Edge - The transition point that connects Public to Private

Private - Intended to be secure and ONLY accessible to authorized individuals

Within each of these zones are technology services, applications, and devices. These components connect to each other to form complex pathways that allow us to conduct business, but unintentionally, we open these same pathways for attackers as well.

As we peel back the layers of this redefined perimeter, we start to see that a completely new method of visualization is required. We must visualize our technology environments through these complete pathways to gain the perspective of the attacker. By identifying all the steps taken by an attacker, we see far beyond a single opportunity for protection. We can see into the horizon and pinpoint all the opportunities to disrupt an attacker along their path.